Numerous biometric access control installations are known from the prior art. EP-A2-1347420 discloses for example a control when entering a stadium, where the user has to have his fingerprint taken. The scanner is connected over a stadium computer with a national central computer and establishes within less than half a second that the user is a perfectly normal spectator. A revolving stake door is opened and the spectator can proceed. If a reference fingerprint corresponding to the taken fingerprint is however recorded in the computer, the user is a rioter or a ruffian. Instead of the revolving stake door, a side revolving door is opened and the undesired visitor is invited to leave. It is also conceivable that the reference fingerprint is stored on a chip card that the user has to carry. The card is inserted in the device and the comparison is performed locally.
US publication US-A1-2003/0197593 discloses a system in which access control and identification, for example for employees of a company, take place on the basis of recorded biometric data. The reference data are stored in a central database. In one embodiment, the biometric data of a user are taken and the central database is interrogated. In the case of positive identification, access is granted. The central data storage of the biometric data in this embodiment is less advantageous. It is questionable whether data security is guaranteed since hackers can penetrate a central computer or server and misuse is thus possible. Furthermore, data protection problems arise in the case of permanent storage of the biometric data.
On the other hand, many mobile devices are already provided with a biometric sensor. US-A1-2002/0089410 discloses a PDA with a smart card on which a fingerprint of the user is stored and that is connected to a fingerprint module. If the print taken by the sensor corresponds to the stored print, further functions (access to software etc.) are executed.
U.S. Pat. No. 6,119,096 further discloses a system in which airline passengers are recorded biometrically when booking the flight. The iris is scanned when booking and the recorded data is assigned to a person-bound data set of a common central database. The passenger receives his booking number for the desired flight, seat etc. At the airport, no further controls are provided to identify the passenger. He only needs to be identified biometrically by scanning the iris and can board his flight. It is again questionable whether sufficient data security of these sensitive data can be provided by a central storage of the biometric data. The mentioned data protection problems of permanent storage of the biometric data also apply here.
Publication DE-A1-101 33 647 concerns a method where a user connects with a (money or ticket) machine and is authenticated biometrically in order to access a service. In one variant embodiment, the fingerprints are stored in a database of a bank and a customer wishing to withdraw money at a machine is authenticated in front of the machine through comparison with the stored data. In particular, there is no disclosure of a service being ordered with a mobile device from a service provider and the service is always immediately provided at the machine.